16 matches found
EUVD-2019-19312
Malware in sbrugna...
EUVD-2019-19311
Malware in sbrugna...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
Quadbase Systems EspressReport ES Cross-Site Scripting Vulnerability
Quadbase Systems EspressReport ES ERES is a centralized business intelligence reporting solution from Quadbase Systems, USA. A cross-site scripting vulnerability exists in Quadbase Systems ERES version 7.0 update 7. The vulnerability stems from a lack of proper validation of client-side data by t...
Quadbase Systems EspressReport ES Cross-Site Request Forgery Vulnerability
Quadbase Systems EspressReport ES ERES is a centralized business intelligence reporting solution from Quadbase Systems, USA. A cross-site request forgery vulnerability in the admin panel in Quadbase Systems ERES v7.0 update 7 can be exploited by an attacker to send an unintended request to the...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
Cross site scripting
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
Cross site request forgery (CSRF)
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
CVE-2019-9957
Quadbase EspressReport ES (ERES) v7.0 update 7 suffers a Stored XSS vulnerability: an attacker can store a payload by creating a new user with a malicious username, which can be triggered on the Set Security Levels or View User/Group Relationships pages. Exploitation requires permission to create...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
CVE-2019-9958
The CVE-2019-9958 entry affects Quadbase EspressReport ES (ERES) v7.0 update 7, where a CSRF flaw in the admin panel allows remote attackers to escalate privileges or create new admin accounts by coercing an authenticated admin’s session to perform unintended requests. The vulnerability arises fr...
PT-2019-19957 · E Press · Espressreport Es
Name of the Vulnerable Software and Affected Versions: EspressReport ES ERES version 7.0 update 7 Description: The issue allows remote attackers to escalate privileges or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to...